Domain of interest and research

Since 2004 I've been performing research into attack patterns and malware behaviour, designing countermeasures and developing prototypes for the research projects I've worked on.

As part of the NICS team, we designed an automated attack platform for the national SACO research project. Based on an architecture centered on the deployment of virtualized scenarios, we modeled attack patterns and conducted automated training guide for operators. As a result, we developed an expert system able to guide operators in the process of attacking hosts selected as objectives. This work has been incorporated into the iPhalanx CTR product sold by INDRA.

I've also been working in the Critical Infrastructure area as a member of the UMA team, both for national research projects (PROTECT-IC, SECRET and eCid) and European research projects (FACIES). My contribution was centered on the penetration testing of CI equipment, modeling of intrusion detection architectures, and the design of countermeasures.

Intrusion detection was also an area I've worked on in the past. As part of the SEGUR@ project team, I've been working actively on the design of an intrusion detection solution based on mobile agents that uses Intel vPro technology for protecting against and reacting to attacks in a compromised network. Moreover, I've been involved in the design of a new architecture for antivirus systems that also employs Intel vPro technology, mainly Intel AMT, for protecting the communication between elements of the antivirus solution while also isolating a compromised system in real time.

Current research

Attack patterns and Malware analysis

Adaptive Honeypots

Malware Intelligence

Education

Master in Software Engineering and Artificial Intelligence, a postgraduate program with quality mention from the Spanish Ministry of Science and Education, University of Malaga.

Abstract

Recent news has raised concern regarding security in the IoT field. Vulnerabilities in devices are arising and honeypots are an excellent way to cope with this problem. In this work, current solutions for honeypots in the IoT context, and other solutions adaptable to it, are analyzed in order to set the basis for a methodology that allows deployment of IoT honeypots.

Abstract

Crowdsourcing can be a powerful weapon against cyberattacks in 5G networks. In this paper we analyse this idea in detail, starting from the use cases in crowdsourcing focused on security, and highlighting those areas of a 5G ecosystem where crowdsourcing could be used to mitigate local and remote attacks, as well as to discourage criminal activities and cybercriminal behaviour. We pay particular attention to the capillary network, where an infinite number of IoT objects coexist. The analysis is made considering the different participants in a 5G IoT ecosystem.

Abstract

In this paper we propose the Hogney architecture for the deployment of malware-driven honeypots. This new concept refers to honeypots that have been dynamically configured according to the environment expected by malware. The adaptation mechanism designed here is built on services that offer up-to-date and relevant intelligence information on current threats. Thus, the Hogney architecture takes advantage of recent Indicators Of Compromise (IOC) and information about suspicious activity currently being studied by analysts. The information gathered from these services is then used to adapt honeypots to fulfill malware requirements, inviting them to unleash their full strength.